
Reading from memory

Remembering a long list of unfamiliar digits and letters may initially involve breaking the list down into more manageable chunks that fall within the capacity of short-term memory. Cognitive psychologists have argued that the average human can hold 2-9 objects in short-term memory for a limited duration of at most 30 seconds[i],[ii]. The time needed to remember these chunks, and their size, can reflect an individual's state of cognition, such as previous knowledge[iii], level of general intelligence[iv], age, emotional condition[v], and so on. The way the brain encodes unfamiliar text while reading leaves personalized keystroke dynamics that indicate an individual's short-term memory capacity.

Writing tasks with different cognitive loads: how are keystroke features affected?

In-house data were recorded by asking users to submit the application form shown in Illustration 1 five times. The ability to type unknown inputs is tested with targets of different characteristics: notBot, a composition of 8 digits and letters; a one-time password (OTP) of 12 digits; and a 16-digit code (xxxx-xxxx-xxxx-xxxx), with each group of 4 separated by a hyphen. The first two varied each time the user entered data, and the last was always fixed.


Illustration 1: In-house application form

As seen in Illustration 2 below, the strategy for typing the targets differs; the main trend is decreasing coherence and increasing time when going from known to unknown objects. We can also see different memory-capacity factors at work in unknown objects. Memory rehearsal from repeatedly typing the fixed code results in a faster response (shorter time) and larger chunks (the hyphen-separated digit groups) compared to typing the OTP and notBot objects. The length effect in typing the 12-digit OTP leads to a slower response compared to the notBot objects. The greater chunking in notBot can be attributed to the dissimilarity involved in sending a composition of letters and digits into short-term memory.

Illustration 2: Sensitivity of the memorization features to field type
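To make the chunk and time features discussed above concrete, here is an added example (not BehavioSec's model or code) that derives chunk-style features from key-down timestamps. It assumes a gap longer than a multiple of the median inter-key gap marks a chunk boundary; the function names, the threshold and all sample timings are constructed for illustration.

```python
from statistics import median

def chunk_features(events, pause_factor=2.5):
    """events: list of (char, key_down_ms) in typing order.

    Assumption (not from the post): a gap above pause_factor * median gap
    is a recall or look-away pause that starts a new chunk. The median
    only works as a baseline while pauses are the minority of gaps.
    """
    chars = [c for c, _ in events]
    times = [t for _, t in events]
    if len(events) < 2:
        return {"chunks": ["".join(chars)] if chars else [], "total_ms": 0,
                "mean_chunk_len": float(len(chars)), "pause_share": 0.0}
    gaps = [b - a for a, b in zip(times, times[1:])]
    threshold = pause_factor * median(gaps)
    chunks, current, pause_ms = [], chars[0], 0
    for ch, gap in zip(chars[1:], gaps):
        if gap > threshold:          # long pause: close the current chunk
            chunks.append(current)
            current, pause_ms = ch, pause_ms + gap
        else:
            current += ch
    chunks.append(current)
    total = times[-1] - times[0]
    return {"chunks": chunks, "total_ms": total,
            "mean_chunk_len": len(chars) / len(chunks),
            "pause_share": pause_ms / total if total else 0.0}

def constructed_events(text, chunk_starts, fast_ms, slow_ms):
    """Build synthetic timings: slow_ms before each index in chunk_starts."""
    t, out = 0, []
    for i, ch in enumerate(text):
        if i:
            t += slow_ms if i in chunk_starts else fast_ms
        out.append((ch, t))
    return out

# Constructed samples: a rehearsed fixed code typed in hyphen-delimited
# groups, and an unfamiliar notBot-style string typed two characters at a time.
FIXED = constructed_events("1234-5678-9012-3456", {5, 10, 15}, 120, 600)
NOTBOT = constructed_events("a7k2m9x4", {2, 4, 6}, 150, 900)

if __name__ == "__main__":
    for name, ev in (("fixed code", FIXED), ("notBot", NOTBOT)):
        print(name, chunk_features(ev))
```

On these constructed timings the fixed code yields fewer, larger chunks and a smaller share of time spent pausing than the notBot string, which is the direction of the trend described above.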

Reading from sheet detection

A classifier is trained and tested on over 200K objects of different cognitive loads collected from a leading lending company’s loan application. Illustration 3 shows the population of objects read from memory (“0”) and read from sheet (“1”).

Illustration 3: Reading from sheet detection model is trained with over 200K objects from a leading lending company’s data.

Loan application

Illustration 4 below is an example of how the model is used to provide actionable information that helps stop fraudsters in the lending business, based on how applicants interact with targets such as the IBAN code and identification code. Applicants “1”, who paid back the loan, are more prepared to read from memory, while applicants “0”, who did not pay back the loan, show memorization features that point more toward reading from sheet.

Illustration 4: How reading from memory model helps detect fraudulent users in typing targets like IBAN-code, identification-code and elector-key.

User authentication

The reading-from-sheet model applied to an 8-digit OTP: Illustration 5 below presents a population of 20 users, each entering an OTP 100 times. Though users behave distinctively in terms of memory capacity, the majority lean more toward encoding into short-term memory (low score) than writing directly from the OTP generator (high score).


Illustration 5: Reading from sheet score on 8-digit OTP. Colors show different users; 20 users each 100 OTPs.

Short-term memory capacity depends on a variety of factors, and exploring them all is beyond the scope of this blog post. However, we have seen that keystroke memorization features can to a large extent capture this personalized characteristic. This new memorization model has already helped us improve our customers' fraud detection capabilities in the following use cases:

  • New account fraud
  • Credential stuffing
  • User authentication

For more on this topic, watch our webinar:

How Your Short-Term Memory Helps Us Keep You Safe From Fraudsters

 

Sources:

[i]      http://psychclassics.yorku.ca/Miller/#f1

[ii]    https://www.ncbi.nlm.nih.gov/pubmed/11515286

[iii]   https://www.sciencedirect.com/science/article/pii/S0079742108605460?via%3Dihub

[iv]    http://www.chrest.info/Fribourg_Cours_Expertise/Articles-www/II%20Donnees%20empiriques/ericsson-mnemonics.pdf?LMCL=yfDcAk

[v]     https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5573739/

The post Reading from memory appeared first on BehavioSec.

*** This is a Security Bloggers Network syndicated blog from BehavioSec authored by Shabnam Oghbaiee. Read the original post at: https://www.behaviosec.com/reading-from-memory/